research-article

A system for risk awareness during role mining

Authors:

Sharmin Ahmed,

Sylvia L. OsbornAuthors Info & Claims

SACMAT '14: Proceedings of the 19th ACM symposium on Access control models and technologies

Pages 181 - 184

https://doi.org/10.1145/2613087.2613095

Published: 25 June 2014 Publication History

Get Access

Abstract

This paper demonstrates a proof-of-concept prototype that is able to automatically and effectively detect and report different types of risk factors during the process of role mining. A role mining platform is embedded within the tool so that different role-mining algorithms can be used. Once roles are generated, a further analysis is done to detect risk presented by the roles output. To the best of our knowledge there is no such system that effectively detects risk factors and mines roles at the same time. The tool is easy to use, flexible and effective in automatically detecting risk. It can be useful for data analysts and role engineers.

References

[1]

E. Celikel, M. Kantarcioglu, X. Li, and E. Bertino. A Risk Management Approach to RBAC. Risk and Decision Analysis, 1(2), November 2009.

Google Scholar

[2]

S. Chari, I. Molloy, Y. Park, and W. Teiken. Ensuring continuous compliance through reconciling policy with usage. In Proceedings of the 18th ACM Symposium on Access Control Models and Technologies, SACMAT '13, pages 49--60, New York, NY, USA, 2013. ACM.

Digital Library

Google Scholar

[3]

A. Colantonio, R. Di Pietro, A. Ocello, and N. V. Verde. Evaluating the risk of adopting rbac roles. In Proceedings of the 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, DBSec'10, pages 303--310, Berlin, Heidelberg, 2010. Springer-Verlag.

Digital Library

Google Scholar

[4]

A. Colantonio, R. Di Pietro, A. Ocello, and N. V. Verde. A new role mining framework to elicit business roles and to mitigate enterprise risk. Decis. Support Syst., 50(4):715--731, Mar. 2011.

Digital Library

Google Scholar

[5]

H. Huang, F. Shang, and J. Zhang. Approximation algorithms for minimizing the number of roles and administrative assignments in rbac. In Proceedings of the 2012 IEEE 36th Annual Computer Software and Applications Conference Workshops, COMPSACW '12, pages 427--432, Washington, DC, USA, 2012. IEEE Computer Society.

Digital Library

Google Scholar

[6]

M. Kuhlmann, D. Shohat, and G. Schimpf. Role mining - revealing business roles for security administration using data mining technology. In Proceedings of the eighth ACM symposium on Access control models and technologies, SACMAT '03, pages 179--186, New York, NY, USA, 2003.

Digital Library

Google Scholar

[7]

M. Nyanchama and S. Osborn. The role graph model and conflict of interest. ACM Trans. Inf. Syst. Secur., 2(1):3--33, Feb. 1999.

Digital Library

Google Scholar

Cited By

View all

Vasiliadis CGeorgiadis CZdravkova KEleftherakis GKefalas P(2017)A Survey on Access Control Mechanisms in E-commerce EnvironmentsProceedings of the 8th Balkan Conference in Informatics10.1145/3136273.3136288(1-6)Online publication date: 20-Sep-2017
https://dl.acm.org/doi/10.1145/3136273.3136288
De Jesús MDomínguez RCantalapiedra JIglesias ALorenzo J(2016)Effect of the amount of chestnuts in the diet of Celta pigs on the fatty acid profile of dry-cured laconGrasas y Aceites10.3989/gya.049215167:1(e119)Online publication date: 4-Feb-2016
https://doi.org/10.3989/gya.0492151
Jin CShen AYu W(2016)The RBAC System Based on Role Risk and User TrustInternational Journal of Computer and Communication Engineering10.17706/IJCCE.2016.5.5.374-3805:5(374-380)Online publication date: 2016
https://doi.org/10.17706/IJCCE.2016.5.5.374-380
Show More Cited By

Index Terms

A system for risk awareness during role mining
1. Security and privacy
  1. Database and storage security
2. Theory of computation
  1. Theory and algorithms for application domains
    1. Database theory
      1. Theory of database privacy and security

Recommendations

Risk Summarization
ICCIS '11: Proceedings of the 2011 International Conference on Computational and Information Sciences

Risk management includes phases such as risk identification, risk assessment and risk control. Little work has focused on risk summarization, which is a useful phase of risk management. Risk summarization means a list of occurred risks, risk ...
A Tool for Teaching Risk
ITNG '12: Proceedings of the 2012 Ninth International Conference on Information Technology - New Generations

Students tend to think optimistically about the software they construct. They believe the software will be defect free, and underestimate apparent risks to the development process. In the Software Enterprise, a 4-course upper division project sequence, ...
Application of Risk Metrics for Role Mining

Comments

Information & Contributors

Information

Published In

SACMAT '14: Proceedings of the 19th ACM symposium on Access control models and technologies

June 2014

234 pages

ISBN:9781450329392

DOI:10.1145/2613087

General Chair:
Sylvia Osborn
University of Western Ontario, Canada
,
Program Chairs:
Mahesh V. Tripunitara
University of Waterloo, Canada
,
Ian M. Molloy
IBM Research, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 June 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SACMAT '14

Sponsor:

SIGSAC

SACMAT '14: 19th ACM Symposium on Access Control Models and Technologies

June 25 - 27, 2014

Ontario, London, Canada

Acceptance Rates

SACMAT '14 Paper Acceptance Rate 17 of 58 submissions, 29%;

Overall Acceptance Rate 177 of 597 submissions, 30%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
136
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 12 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Vasiliadis CGeorgiadis CZdravkova KEleftherakis GKefalas P(2017)A Survey on Access Control Mechanisms in E-commerce EnvironmentsProceedings of the 8th Balkan Conference in Informatics10.1145/3136273.3136288(1-6)Online publication date: 20-Sep-2017
https://dl.acm.org/doi/10.1145/3136273.3136288
De Jesús MDomínguez RCantalapiedra JIglesias ALorenzo J(2016)Effect of the amount of chestnuts in the diet of Celta pigs on the fatty acid profile of dry-cured laconGrasas y Aceites10.3989/gya.049215167:1(e119)Online publication date: 4-Feb-2016
https://doi.org/10.3989/gya.0492151
Jin CShen AYu W(2016)The RBAC System Based on Role Risk and User TrustInternational Journal of Computer and Communication Engineering10.17706/IJCCE.2016.5.5.374-3805:5(374-380)Online publication date: 2016
https://doi.org/10.17706/IJCCE.2016.5.5.374-380
Mitra BSural SVaidya JAtluri V(2016)A Survey of Role MiningACM Computing Surveys10.1145/287114848:4(1-37)Online publication date: 22-Feb-2016
https://dl.acm.org/doi/10.1145/2871148

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Risk Summarization

A Tool for Teaching Risk

Application of Risk Metrics for Role Mining

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations